If so, you MUST comply with the General Data Protection Regulation
Effective May 25th, 2018, any website that receives traffic from the European Union (EU) has to comply with the GDPR to avoid the risk of large fines ($23,0000+). US companies are not exempt from Europe’s data privacy rules! It is important that all businesses assess the value of their European traffic and determine how best to satisfy the requirement. This is generally achieved through a few strategies: satisfying GDPR requirements as best as reasonably possible and/or restricting website traffic from this region.
The General Data Protection Regulation outlines 8 specific rights of European citizens that companies are expected to abide by with their website or digital advertising campaign.
The 8 rights of European citizens
The GDPR contains nearly 100 separate and nuanced articles that can be difficult to understand even if you are a data privacy expert. Because of this, although Inverse Paradox provides solutions to support clients in adhering to GDPR, it is advisable to consult an attorney when assessing risk and auditing compliance.
How Inverse Paradox helps clients adhere to GDPR
WordPress & WooCommerce – There are several plugins that, when installed, help WordPress-powered websites, including WooCommerce and common form plugins (Contact Form 7 & Gravity Forms), easily adhere to GDPR.
Magento – Magento 2 is GDPR-ready. This combined with a few 3rd party extensions and the right policies and opt-ins can help Magento reach proper compliance. For Magento 1, Inverse Paradox advises clients to consider investment in an upgrade to Magento 2 or migration to another eCommerce platform.
Cookie Consent Toolbar – You may have already experienced a notification toolbar on many websites throughout the web that requires a user to agree to the Cookies Policy by using the site. IP provides an easy, turn-key solution for adding this to any site.
Form Audits & Updates – Forms are one of the most critical ways data is collected from users. Making sure those forms clearly communicate how data is collected and appropriately communicate opt-in to any other marketing programs is essential.
GDPR-Compliant Vendors – Inverse Paradox has a long list of partners that clients use for their various digital marketing efforts, and ultimately these vendors collect data. These vendors are all adhering to GDPR themselves, and their own practices need to be accounted for in your website’s policies and practices.
Minimizing Data Collection – This may seem like the common-sense approach, but seldom do clients audit just how much data they’re collecting to determine what is actually necessary. Not to mention, many off-the-shelf plugins, extensions, or 3rd party vendors collect more than what’s needed. Minimizing unnecessary collection goes a long way to minimizing risk.
Geographic Restriction – If your European traffic serves no benefit to your business, one way to easily reach GDPR compliance is to block traffic from the EU. This could be in combination with the other strategies. Note that this strategy will most definitely be a short-lived measure. It is foreseeable that data privacy will become increasingly relevant at a global scale.
This is just a high-level summary of the key strategies Inverse Paradox takes to help clients reach their compliance requirements. Helping a client reach compliance requires a varied scope of consulting to understand exactly how a company uses its data and to develop a proper implementation strategy. To make the matter more complicated, due to the ambiguous nature of some of the regulations described, companies throughout the world are still defining best practices and advancing technology to support this relatively new policy.